Phishing scam targets Myspace users

Fans lured to fake site, where personal details are stolen

Shares

Visitors to the Myspace website are being targeted by a mass phishing attack that directs them to a bogus music download site.

Security firm Sophos said that emails sent by a Myspace user appeared to be trying to lure victims to the Myspace website by offering them a free music track. However, rather than taking users to the Myspace website, it redirects them to a fake website claiming to sell MP3s.

The person is then encouraged to pay to download music, allowing the phishers access to personal information, credit card details and email addresses if any details are entered.

Sophos warned it is an "aggressively distributed campaign", and the phishing emails have been sent to hundreds of thousands of people around the world in the past week. By pretending to be an email from a Myspace contact, the likelihood of potential victims opening the email is raised.

To give the email additional authentication, the phishers have also included a fake Myspace message: "At Myspace we care about your privacy. We have sent you this notification to facilitate your use as a member of the Myspace service. If you don't want to receive emails like this to your external email account in the future, change your Account Settings to 'Do not send me notification emails'."

43 million targets

Graham Cluley, senior technology consultant at Sophos, said: "By making the headlines nearly every day, the Myspace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes.

"This email has been so aggressively spammed out that many of its recipients are not even Myspace users, so common sense should tell them the email is unsolicited and is to be deleted.

"Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information over to the spammers."

The subject headings of the phishing emails typically read: 'New message from on Myspace sent on '. The message in the email then informs the user: 'You've got a new song from on Myspace!', and invites them to click on a link to hear 'your Myspace music'. Anna Lagerkvist